@bouroo
Last active August 2, 2023 06:58
Cloudflare tunnel for k3s, k8s as daemonset
apiVersion: v1
kind: Namespace
metadata:
  name: cloudflare
---
apiVersion: v1
kind: Secret
metadata:
  name: cloudflared-secret
  namespace: cloudflare
  labels:
    app: cloudflared
data:
  cf_tunnel_token: "Your cloudflare tunnel token in base64 format"
---
apiVersion: apps/v1
kind: DaemonSet
metadata:
  name: cloudflared
  namespace: cloudflare
spec:
  selector:
    matchLabels:
      app: cloudflared
  template:
    metadata:
      labels:
        app: cloudflared
      name: cloudflared
    spec:
      nodeSelector: {}
      containers:
        - name: cloudflared
          image: cloudflare/cloudflared:latest
          imagePullPolicy: Always
          command:
            - cloudflared
            - tunnel
            - --no-autoupdate
            # In a k8s environment, the metrics server needs to listen outside the pod it runs on.
            # The address 0.0.0.0:2000 allows any pod in the namespace.
            - --metrics
            - 0.0.0.0:2000
            - run
          args:
            - --token
            - "$(cf_tunnel_token)"
          env:
            - name: cf_tunnel_token
              valueFrom:
                secretKeyRef:
                  name: cloudflared-secret
                  key: cf_tunnel_token
          startupProbe:
            exec:
              command:
                - cloudflared
                - version
            failureThreshold: 3
            periodSeconds: 10
            successThreshold: 1
            timeoutSeconds: 1
          livenessProbe:
            httpGet:
              # Cloudflared has a /ready endpoint which returns 200 if and only if
              # it has an active connection to the edge.
              path: /ready
              port: 2000
            failureThreshold: 1
            initialDelaySeconds: 10
            periodSeconds: 10